Apple should've warned its customers about Siri, expert says

Siri may well sound like it wants to be your friend, but unfortunately it really isn't personal, have a friend pick up your locked iPhone 4S and Siri will spill the beans on almost anything

Apple should have warned its customers about the Apple iPhone 4S Siri security flaw, which enables third parties to access users' personal information using Siri, even when the screen is locked, a security expert said.

Yesterday, T3 reported that potential thieves can ask Siri, Apple's new voice-recognition software, for users' personal details without having to enter a passcode. At the press of the Home button, a person is able to send texts, emails and request calendar information without having to unlock the homescreen.

Alan Goode, managing director of mobile security firm Goode Intelligence, said: “The vulnerability discovered in Apple’s new voice recognition service, Siri, is a serious one, and one that should not have been released into the live.

“The positive thing is that accessing some of the more sensitive services in this manner, such as email, is forbidden.

He continued: “But I could still run up a pretty impressive and annoying phone bill if I had malicious intent and if Apple missed this pretty easy to find vulnerability then what other security threats are hiding in Apple’s latest mobile OS?”

The setting isn't a permanent one - users have the option of switching it off by disabling the option to enable Siri at passcode lock - however Goode argues that because this setting was set at default without users' acknowledgement, many iPhone 4S owners would have been unaware of the potential risks they were exposing themselves to.

He said: “We feel that this option should have been the default option that Apple should have configured on all devices and then let the user decide whether they want to take the risk of someone accessing text, call and appointment services without entering the correct passcode.

Another expert, Graham Cluely, from the security software firm Sophos, summed up his concerns about Apple's decision. He said: "What's disappointing to me though is that Apple had a clear choice here. They could have chosen to implement Siri securely, but instead they decided to default to a mode which is more about impressing your buddies than securing your calendar and email system."

Goode added: "Perhaps by the time that Siri is fully functioning in the UK Apple will have seen sense and change the default setting."

Apple iPhone 4S: Features

With an improved A5 processor and the inclusion of iOS 5 the iPhone 4S has seen phenomenal sales over the weekend, and with Siri embedded so deeply into how the phone operates it'll be interesting to see how everyday consumers will react to the news.